Tools to make SharePoint Admin life easier

These are common tools help SharePoint admin to manage and audit SharePoint farm easily.
Automated SharePoint 2010/2013/2016 PowerShell-based installation script.
2-SharePoint Load Generation Tool
Load Generation Tool Visual Studio Template can be installed for Visual Studio 2013 Ultimate and Visual Studio 2015 Enterprise editions. The tool can be used to test load for SharePoint Server 2013 and SharePoint Server 2016 farms.
3-SharePoint Feature Administration and Clean Up Tool
FeatureAdmin is a tool for SharePoint administrators and developers to manage SP features. It finds and cleans faulty FeatureDefinitions and orphaned reminders.
4-Windows PowerShell for SharePoint Command Builder Guide
Explore a free online tool that enables IT professionals and power users to visually assemble commands related to SharePoint 2010 / 2013 and Office 365
5-ULS Viewer
ULS Viewer is a Windows application that provides a simplified view of ULS log files in SharePoint 2013
SPSFarmReport is a scripted-tool that can be used to gather topology-related details from SharePoint farms.
Generate SharePoint Documentation, Manage Permissions & Compare Farms
8-SharePoint Manager
The SharePoint Manager 2013 is a SharePoint object model explorer. It enables you to browse every site on the local farm and view every property.
9-Search Health Reports (SRx)
PowerShell-driven tool for surfacing complex diagnostics for SharePoint Search through new multifaceted reports. The SRx includes a battery of tests that leverage a customized SSA object extended with contextual data from many disparate sources.


Points to consider when upgrading to SharePoint 2016

Before upgrading to SharePoint 2016, the below points will guide you to get efficient solution and to minimize the project risks.


  • There is difference between upgrade and migrate where upgrade will take the whole database content but migrate will move the content only to the new farm
  • In general, if you have well-structured site, content and customization then go with upgrade else it’s better to migrate the content and start with fresh content database
  • You can only upgrade from SharePoint 2013 to SharePoint 2016 and if you have older version than SharePoint 2013 then you need to upgrade it to SharePoint 2013 before SharePoint 2016 or you can use third party tools
  • Build sold plan and strategy before upgrading by determines the current configuration, customization, dependencies and removed or deprecated services
  • List all SharePoint application services that could be upgraded or not
  • Test the content database and don’t ignore the issues
  • Testing is an iteration process and may repeated many times until you get stable status
  • Document every step and fix that will be found
  • Resolve content, missing web parts , orphans … in SharePoint 2013 and then upgrade it to SharePoint 2016
  • Make sure there is no 14 Mode sites before upgrade to SharePoint 2016
  • No Service pack or cumulative update required to upgrade from SharePoint 2013 to SharePoint 2016 but it’s recommended to have the last update
  • It is recommended to always migrate your Service Applications before you migrate your Web Applications and SharePoint sites
  • Make sure to have claim authentication before upgrade to SharePoint 2016 and avoid to use classic authentication
  • Delete and remove unused contents, services and customization before upgrade to SharePoint 2016


More References:

Error while running SharePoint Configuration Wizard 2013 – The process does not possess the ‘SeSecurityPrivilege’ privilege

While running SharePoint Configuration Wizard for SharePoint 2013, got the below error:


Even if the SharePoint user used for installation (spAdmin) belong to local administrators group of SharePoint Servers, but because there is security group policy could cause this issue , you need to add this user to Manage auditing and security log policy (Browse to GPEDIT.msc Computer Config\Windows Settings\Security Settings\Local Polices\User Rights Assignement).

Note: Don’t forget to logout and login after applying the new policy.

Create and configure a Search service application in SharePoint Server 2013/2016

Learn how to create and configure a SharePoint Search service application using PowerShell and then how to modify the search topology.

You can create Search service application using Central administration or PowerShell but with  PowerShell , you have more control over the database names and to avoid GUIDs.

Login to the server where All of search components will be hosted whether is configured as a “Search” or “Application with Search” MinRole server, or “Custom”.

Modify the highlighted parameters to be applicable to your SharePoint farm in order to create new search service in one server:

 Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue  
 # Settings   
 $IndexLocation = "D:\Logs\SearchIndex"  
 $SearchAppPoolName = "Search App Pool"   
 $SearchAppPoolAccountName = "domain\spssearch"   
 $SearchServerName = (Get-ChildItem env:computername).value   
 $SearchServiceName = "Test Search Service"   
 $SearchServiceProxyName = "Test Search Proxy"   
 $DatabaseName = "Search_ADminDB"   
 Write-Host -ForegroundColor Yellow "Checking if Search Application Pool exists"   
 $SPAppPool = Get-SPServiceApplicationPool -Identity $SearchAppPoolName -ErrorAction SilentlyContinue  
 if (!$SPAppPool)   
 Write-Host -ForegroundColor Green "Creating Search Application Pool"   
 $spAppPool = New-SPServiceApplicationPool -Name $SearchAppPoolName -Account $SearchAppPoolAccountName -Verbose   
 Write-host "Start Search Service instances...."   
 Start-SPEnterpriseSearchServiceInstance $SearchServerName -ErrorAction SilentlyContinue   
 Start-SPEnterpriseSearchQueryAndSiteSettingsServiceInstance $SearchServerName -ErrorAction SilentlyContinue  
 Write-Host -ForegroundColor Yellow "Checking if Search Service Application exists"   
 $ServiceApplication = Get-SPEnterpriseSearchServiceApplication -Identity $SearchServiceName -ErrorAction SilentlyContinue  
 if (!$ServiceApplication)   
 Write-Host -ForegroundColor Green "Creating Search Service Application"   
 $ServiceApplication = New-SPEnterpriseSearchServiceApplication -Partitioned -Name $SearchServiceName -ApplicationPool $spAppPool.Name -DatabaseName $DatabaseName   
 Write-Host -ForegroundColor Yellow "Checking if Search Service Application Proxy exists"   
 $Proxy = Get-SPEnterpriseSearchServiceApplicationProxy -Identity $SearchServiceProxyName -ErrorAction SilentlyContinue  
 if (!$Proxy)   
 Write-Host -ForegroundColor Green "Creating Search Service Application Proxy"   
 New-SPEnterpriseSearchServiceApplicationProxy -Partitioned -Name $SearchServiceProxyName -SearchApplication $ServiceApplication   
 Write-Host $ServiceApplication.ActiveTopology  
 Write-Host "Configuring Search Component Topology...."   
 $clone = $ServiceApplication.ActiveTopology.Clone()   
 $SSI = Get-SPEnterpriseSearchServiceInstance -local   
 New-SPEnterpriseSearchAdminComponent –SearchTopology $clone -SearchServiceInstance $SSI   
 New-SPEnterpriseSearchContentProcessingComponent –SearchTopology $clone -SearchServiceInstance $SSI   
 New-SPEnterpriseSearchAnalyticsProcessingComponent –SearchTopology $clone -SearchServiceInstance $SSI   
 New-SPEnterpriseSearchCrawlComponent –SearchTopology $clone -SearchServiceInstance $SSI  
 Remove-Item -Recurse -Force -LiteralPath $IndexLocation -ErrorAction SilentlyContinue   
 mkdir -Path $IndexLocation -Force  
 New-SPEnterpriseSearchIndexComponent –SearchTopology $clone -SearchServiceInstance $SSI -RootDirectory $IndexLocation   
 New-SPEnterpriseSearchQueryProcessingComponent –SearchTopology $clone -SearchServiceInstance $SSI   
 Write-host "Your search service application $SearchServiceName is now ready"  

Next step to modify the topology to match your requirement, let assume that we have 4 SharePoint Servers (2 as web servers and 2 as Search servers) , in this case we can divide the search components as following:


So Query Processing and Index Partition will be hosted in front end or web servers and the rest of search components will be hosted in Search or Application Servers because no direct interaction with end users.

1- Run SharePoint service on each host that will used to run the search components

$host1 = Get-SPEnterpriseSearchServiceInstance -Identity "server1"  
 $host2 = Get-SPEnterpriseSearchServiceInstance -Identity "server2"  
 $host3 = Get-SPEnterpriseSearchServiceInstance -Identity "appserver1"  
 $host4 = Get-SPEnterpriseSearchServiceInstance -Identity "appserver2"  
 Start-SPEnterpriseSearchServiceInstance -Identity $host1  
 Start-SPEnterpriseSearchServiceInstance -Identity $host2  
 Start-SPEnterpriseSearchServiceInstance -Identity $host3  
 Start-SPEnterpriseSearchServiceInstance -Identity $host4  

Don’t go to the next commands until all servers become Online, you can check the status using the following command:


2- Get Current Topology

 $ssa = Get-SPEnterpriseSearchServiceApplication  

3- Clone Current Topology to modify it

 $newSSA = New-SPEnterpriseSearchTopology -SearchApplication $ssa  

4- Create Search Components for each host

 #Recommanded in WFE Server (Query Component and Indexes only)  
 New-SPEnterpriseSearchQueryProcessingComponent -SearchTopology $newSSA -SearchServiceInstance $host1  
 New-SPEnterpriseSearchQueryProcessingComponent -SearchTopology $newSSA -SearchServiceInstance $host2  
 New-SPEnterpriseSearchIndexComponent -SearchTopology $newSSA -SearchServiceInstance $host1 -IndexPartition 0  
 New-SPEnterpriseSearchIndexComponent -SearchTopology $newSSA -SearchServiceInstance $host2 -IndexPartition 0  
 #Recommanded in Application Server (Admin , Crawl , Content Processing and Analytics processing)  
 New-SPEnterpriseSearchAdminComponent -SearchTopology $newSSA -SearchServiceInstance $host3  
 New-SPEnterpriseSearchCrawlComponent -SearchTopology $newSSA -SearchServiceInstance $host3  
 New-SPEnterpriseSearchContentProcessingComponent -SearchTopology $newSSA -SearchServiceInstance $host3  
 New-SPEnterpriseSearchAnalyticsProcessingComponent -SearchTopology $newSSA -SearchServiceInstance $host3  
 New-SPEnterpriseSearchAdminComponent -SearchTopology $newSSA -SearchServiceInstance $host4  
 New-SPEnterpriseSearchCrawlComponent -SearchTopology $newSSA -SearchServiceInstance $host4  
 New-SPEnterpriseSearchContentProcessingComponent -SearchTopology $newSSA -SearchServiceInstance $host4  
 New-SPEnterpriseSearchAnalyticsProcessingComponent -SearchTopology $newSSA -SearchServiceInstance $host4  

5- Activate New Topology

 Set-SPEnterpriseSearchTopology -Identity $newSSA  

It’s recommended to remove the inActive topologies to avoid confusion in future, you can find how to remove it and change search service account in the following link:


Plan for service accounts in SharePoint Server 2016

I just want to talk about two points related to SharePoint 2016 service accounts which show the differences between current version and previous version of SharePoint server.
In previous version, farm service account has to belong to local administrator group of SharePoint servers especially if you have Forefront Identity Manager and User Profile but because of Forefront Identity Manager is removed from SharePoint Server 2016 no longer requires Local Administrator rights on any SharePoint server.
The second point that Claims to Windows Token Service account is now the only account that continues to require Local Administrator rights (only servers running C2WTS services).
For more details, you can find the below links for Plan for administrative and service accounts in SharePoint Server.

Updated – Maximizing SharePoint Security whitepaper 1.1

I updated Maximizing SharePoint Security whitepaper with the following changes:

  • Add CIS SharePoint benchmark
  • Add link for more security headers like HTTP Public Key Pinning and others
  • Add more security controls in SharePoint configurations
  • Fix Search Crawl Rules

You can download the document from this URL


httpOnly attribute and Out of the box SharePoint workflow

HTTPOnlyCookies attribute is a good security control but if you enable it in SharePoint it will prevent or cause an error when you are creating out of the box SharePoint workflows.

Error :

“Application error when access /_layouts/15/CstWrkflIP.aspx, Error=Value cannot be null. ….”


Remove this attribute httpOnlyCookies=”true” from web.config and accept the risk or extend the SharePoint web application and only remove it from internal access website.

SharePoint Server 2016 Security

SharePoint Server 2016 and Office Online Server support TLS 1.2 connection encryption by default so you can disable all old protocols safely.

Workflow Manager supports SSL 3.0 (It’s recommended to disable it) and  TLS 1.0 but it can communicate with SharePoint through TLS 1.2

New features in SharePoint 2016

Learn about the most important new features in SharePoint Server 2016 as following :


It is a set of predefined server roles, newly introduced in SharePoint Server 2016. SharePoint will automatically configure the services based on the server’s role. The performance of the farm is optimized based on that topology

SharePoint Add-ins

The name “apps for SharePoint” is changing to “SharePoint Add-ins”.

SharePoint Add-ins are self-contained extensions of SharePoint websites that you create, and that run without custom code on the SharePoint server

Zero-Downtime Patching

To patch a server in a SharePoint Server 2016 farm by using Zero Downtime Patching

Fast Site Collection Creation

Fast Site Collection Creation is a new capability in SharePoint Server 2016 IT Preview that improves Site Collection creation performance by reducing Feature activation overhead

Project Server 2016 installer is fully integrated into SharePoint 2016

The Project Server 2016 installer is fully integrated into SharePoint 2016—a separate installer no longer needs to be run on each server in the farm

Finally , check this link for more details about new and improved features in SharePoint Server 2016


Office Online Server (OOS)

Do you remember Office Web Apps in SharePoint 2013 , Microsoft changed its name to Office Online Server but it doesn’t mean this is not on premises.

As Office web apps , You can View and Create/Edit (need a license) the following documents types:

  • Word
  • PowerPoint
  • Excel
  • OneNote

This product is not only for SharePoint , you can use it with other Microsoft products like exchange , Skype , .. and that’s why it needs a separate server.

Also it provides your search preview feature and mandatory for SharePoint 2016 BI.

For more information